Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change Android SafetyNet attestation type identifier ? #128

Closed
equalsJeffH opened this issue Jun 10, 2016 · 2 comments
Closed

Change Android SafetyNet attestation type identifier ? #128

equalsJeffH opened this issue Jun 10, 2016 · 2 comments
Assignees
@balfanz @rlin1
Labels
type:technical
Milestone
Last Working Draft

Comments

@equalsJeffH
Copy link
Contributor

Android SafetyNet attestation type identifier is presently given as:
Android Attestation (type="android")
However, Android N adds another form of "hardware attestation" for which we will have to allocate another attestation type identifier.

  1. Do we leave the SafetyNet attestation type identifier as "android" and, e.g., define the new so-called "android N hardware attestation" type identifier as "android2" ?
  2. Or redefine SafetyNet attestation type identifier as say "AndroidSafetyNet" and the new so-called "android N hardware attestation" type identifier as say "AndroidN" ?

Personally, I think I'd go with (1) at this point. And if for some reason yet another attestation signature format emerges from Android, it can just be labeled "android3".
@equalsJeffH equalsJeffH added this to the CR milestone Jun 10, 2016
@rlin1
Copy link
Contributor

rlin1 commented Jul 3, 2016

I propose to replace the existing SafetyNet with Android "N" attestation, since in Android "N", the (1) attestation is computed by the Authenticator and (2) the the authenticator includes the public key.
In SafetyNet, the App provides a public key to be included and the attestation is computed by the platform.

@rlin1 rlin1 self-assigned this Jul 3, 2016
@equalsJeffH equalsJeffH assigned balfanz and rlin1 and unassigned rlin1 and balfanz Aug 22, 2016
@equalsJeffH
Copy link
Contributor Author

the GOOG folk likely should weigh-in on Rolf's suggestions re "replace the existing SafetyNet with Android "N" attestation".

also, I note that the original issue raises the meta-question of what is the syntax and semantics of attestation format identifiers.

vijaybh added a commit that referenced this issue Sep 16, 2016
@vijaybh
Incorporated feedback from @rlin1
f3fa6b3 
Also cleaned up wording and naming for consistency.

Added Android N attestation format. Fixes #103.

Changed name for SafetyNet attestation format. Fixes #128.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@balfanz balfanz

@rlin1 rlin1

Labels
type:technical
Projects
None yet
Milestone
Last Working Draft
Development

No branches or pull requests
3 participants
@equalsJeffH @balfanz @rlin1